<%
'--------------------------------------------------------------------------------------------
'Direct-access guard: this file is meant to be pulled in by OpenAsp, not requested
'on its own by the browser. When the browser asks for the file directly, the visitor
'is redirected away instead of running the rest of the page.
'Split the requested URL (HTTP_URL) on "/" to isolate the page being opened.
'NOTE(review): HTTP_URL appears to carry the raw URL, query string included - verify.
'If so, a direct request with "?..." appended leaves a last segment that is not exactly
'"creanews.asp" and the guard below does not fire.
i = split(request.ServerVariables("HTTP_URL"), "/")
'Compare this module's file name, case-insensitively (compare mode 1), with the last
'array element (index Ubound), i.e. the page name the visitor requested. On a match,
'redirect.
'NOTE(review): the original comment says the visitor is sent to the site homepage, but
'the target used here is HTTP_REFERER. That header is supplied by the client and may be
'missing, so the destination is not under the server's control - confirm whether a fixed
'site URL was intended.
if strComp("creanews.asp", i(Ubound(i)), 1) = 0 then
  response.redirect request.servervariables("HTTP_REFERER")
end if


function isNewsMod(user, cat)
	' Returns true when TB_NEWS_MOD holds a row pairing this user id with this
	' category id; returns false in every other case, including blank or
	' non-numeric arguments.
	'
	' NOTE(review): isNumeric is the only filter applied before both values are
	' concatenated into the SQL text. It accepts more than plain digits (exponent
	' notation, for example), so a parameterised command or an explicit integer
	' conversion would be a stricter barrier - confirm what callers can pass in.
	isNewsMod = false
	if user <> "" and cat <> "" and isNumeric(user) and isNumeric(cat) then
		set testRS = addConn.Execute("SELECT * FROM TB_NEWS_MOD WHERE IDutente = " & user & " AND IDcateg = " & cat)
		' A non-empty result set means the user moderates this category.
		isNewsMod = not testRS.EOF
	end if
end function

' Dispatch on the "pass" query-string value: an empty value renders the news
' submission form, the value 1 processes the posted form.
Select case request.QueryString("pass")
		CASE "":
' The form is rendered only for a session whose uID is neither 0 nor empty.
' This test decides what is displayed in this branch; the code that receives
' the POST needs its own check, because a request can reach it without ever
' loading this form.
If session("uID") <> 0 AND session("uID") <> "" then
	' At least one category and one topic must exist before the form is shown.
	set catRS = addConn.Execute("SELECT * FROM TB_NEWS_cAT")
	if NOT catRS.EOF then
	set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC")
	if NOT topRS.EOF then
	%>
			<form name="form1" action="default.asp?modulo=news&amp;file=crea&amp;pass=1" method="post" onSubmit="return test()">
				
							<%=traduci("ling_news_23")%><br />
							<select name="cat" class="selectclass">
								<%
									' Each category is written as a header option with value "---"
									' (the value the client-side test() function rejects), followed
									' by one option per topic of that category.
									' NOTE(review): nomeCat, nomeTopic and IDtopic are written without
									' Server.HTMLEncode - confirm they are encoded when stored,
									' otherwise encode them at this point.
									' The IDcategoria concatenated into the topic query is read from
									' the category row, not from the request. One query runs per category.
									Do while NOT catRS.EOF
										response.Write "<option style='text-align:left' value=""---"" "
										response.Write ">&raquo;" & catRS("nomeCat") &  "</option>"
										set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDcategoria = " & catRS("IDcategoria"))
										if not topRS.EOF then
											Do while NOT topRS.EOF
												response.Write "<option value=""" & topRS("IDtopic") & """>" & topRS("nomeTopic") &  "</option>"
												topRS.moveNext
											Loop
										end if
										set topRS = Nothing									
										catRS.moveNext
									Loop
									set catRS = Nothing
								%>
							</select>
							<br /><br />
							<%=traduci("ling_news_26")%><br />
							<input class="inputclass" type="text" name="titolo" maxlength="50" /> <font class="testosmall"><%=traduci("ling_news_76")%></font>
	 						<br /><br />
							<%=traduci("ling_news_77")%>
					 <select class="selectclass" name="lingua">
	    <%
		  'List the files found in the lingua/ folder as options of the select.
		  'A file is offered only when its name, with "lingua-" and ".xml" removed,
		  'is exactly two characters long; that remainder is the option value.
		  'NOTE(review): the file-derived value is written into the markup unencoded;
		  'presumably these file names are controlled by the site administrator - confirm.
		  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
		  Set objFolder = objFSO.GetFolder(Server.MapPath("lingua/"))
		  For each objFile in objFolder.Files
		  	if len(Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")) = 2 then
			%>
			<option value="<%=Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")%>" <%call selected(Replace(Replace(objFile.Name, "lingua-", ""), ".xml", ""), session("lingua"))%>><%=Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")%></option>
			<%
			end if
		  Next
	    %>		
		</select><br /><br />
						<%=traduci("ling_news_36")%>
						  <select name="prior" class="selectclass">
						   <option value="0"><%=traduci("ling_news_39")%></option>
						   <option value="1"><%=traduci("ling_news_40")%></option>
						  </select>
                          <br /><br />
							<%=traduci("ling_news_85")%><br />
						 <textarea name="ante" class="news" style="width:100%; height:80px;"></textarea>
						<br /><br />
							<%=traduci("ling_news_86")%>
						<br />
						<textarea name="testo" class="editor" style="width:100%; height:400px;"></textarea>
						<%
						' creaComponente is defined elsewhere; presumably it attaches the
						' rich-text editor to the "editor" textarea - confirm.
						Call creaComponente("editor","def")
						%>
	<script type="text/javascript">
	 //Client-side check only: a title must be entered and a topic, not a "---" category header, must be selected
	function test(){
			if (window.document.form1.titolo.value == ""){
				window.alert("<%=traduci("ling_news_18")%>");
				return false;
			}
			if(window.document.form1.cat.options[window.document.form1.cat.selectedIndex].value == "---"){
				alert("<%=traduci("ling_news_20")%>");
				return false;
			}
	
	 }
	</script>
    <br />
	<input type="submit" value="<%=traducisys("ling_111")%>" class="buttonclass" />
			
	</form>
	<%
	else
		' TB_NEWS_TOPIC returned no rows: show message ling_news_82 and a link back
		' to the news module. autoReturn is defined elsewhere; presumably it sends
		' the visitor back after the given delay - confirm.
		Response.Write "<table width='95%' border='0'>"&vbNewLine
		Response.Write "<tr><td class=""testo"" width=32 valign=top><img src=""themes/SHARE/IMG_29.gif""></td><td align=""center""><p class=""testo"">"
		Response.Write Ucase("<b>"&traduci("ling_news_82")&"</b>")
		CALL autoReturn("default.asp?modulo=news", 4)
		Response.Write "<br><a class=testo href=""default.asp?modulo=news"">" & traducisys("ling_occ_117") & "</a>"	 
		Response.Write "</p></td></tr></table>"
	Set topRS = Nothing
	end if
	else
		' TB_NEWS_cAT returned no rows: show message ling_news_81 and the same
		' link back to the news module.
		Response.Write "<table width='95%' border='0'>"&vbNewLine
		Response.Write "<tr><td class=""testo"" width=32 valign=top><img src=""themes/SHARE/IMG_29.gif""></td><td align=""center""><p class=""testo"">"
		Response.Write Ucase("<b>"&traduci("ling_news_81")&"</b>")
		CALL autoReturn("default.asp?modulo=news", 4)
		Response.Write "<br><a class=testo href=""default.asp?modulo=news"">" & traducisys("ling_occ_117") & "</a>"	 
		Response.Write "</p></td></tr></table>"
	end if
else
		        ' No usable session uID: show message ling_news_88 instead of the form.
		        Response.Write "<table class='comment'>"
		        Response.Write "<tr><td valign=""top"" align=""center"" width=""100%"" class=""testo"">"					 	
			Response.Write traduci("ling_news_88")
			Response.Write "</td></tr></table>"
end if

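	CASE 1:

	' Submit handler: validates the posted fields, then stores the news item.
	'
	' The session test used for rendering the form is repeated here, because a POST
	' can reach this branch without the form ever being displayed.
	' NOTE(review): no anti-CSRF token is visible in this file; confirm whether the
	' including page adds one.
	If session("uID") <> 0 AND session("uID") <> "" then

		Dim nwRe, nwCat, nwLingua, nwPrior, nwValid

		' Read the three fields that used to reach the SQL text unfiltered.
		nwCat = Trim(request.Form("cat") & "")
		nwLingua = Trim(request.Form("lingua") & "")
		nwPrior = Trim(request.Form("prior") & "")

		' cat: plain digits only (at most 9, so CLng cannot overflow). This also
		'      rejects the "---" category header that only the browser script filtered.
		' lingua: the two-character code offered by the form.
		' prior: one of the two values offered by the form.
		Set nwRe = New RegExp
		nwRe.Pattern = "^[0-9]{1,9}$"
		nwValid = nwRe.Test(nwCat)
		nwRe.Pattern = "^[A-Za-z0-9]{2}$"
		nwValid = nwValid And nwRe.Test(nwLingua)
		nwValid = nwValid And (nwPrior = "0" Or nwPrior = "1")
		Set nwRe = Nothing

		' Resolve the topic's category; an unknown topic id is treated as invalid
		' input instead of raising a runtime error on an empty recordset.
		cateID = ""
		if nwValid then
			set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDtopic = " & CLng(nwCat))
			if NOT topRS.EOF then
				cateID = topRS("IDcategoria")
			else
				nwValid = false
			end if
			set topRS = Nothing
		end if

		if nwValid then
			' Level-2 users, news administrators and moderators of this category
			' publish directly (stato 1); everyone else is stored with stato 0.
			if session("livelloUser") = 2 OR isADM(session("uID"), "news") or isNewsMod(session("uID"), cateID) then
				stato = 1
			else
				stato = 0
			end if

			' NOTE(review): the free-text fields still rely on testSQLinj, which is
			' defined elsewhere and not visible here; a parameterised command would
			' remove that dependency - confirm what testSQLinj guarantees.
			nwSQL = "INSERT INTO TB_NEWS(Autore, News, Ante, Titolo, Visite, IDtopic, IDcategoria, Data, Datapub, Lingua, Prior, Stato) VALUES('"&session("uID")&"','"&testSQLinj( request.Form("testo"))&"','"&testSQLinj(request.Form("ante"))&"','"&testSQLinj(request.Form("titolo"))&"','0','"&CLng(nwCat)&"','"&cateID&"','"&DateToSTR(STR_TIME)&"','"&DateToSTR(STR_TIME)&"','"&nwLingua&"','"&nwPrior&"','"&stato&"')"

			addConn.Execute(nwSQL)

			if stato = 0 then
				Response.Write "<div style=""text-align:center"">"
				Response.Write "<b>"&traduci("ling_news_28")&"</b>"
				Response.Write "<br /><br /><a class=testo href=""default.asp?modulo=news"">" & traducisys("ling_occ_117") & "</a>"
				Response.Write "</div>"
			else
				response.Redirect "default.asp?modulo=news"
			end if
		else
			' Rejected input: nothing is written; send the visitor back to the form.
			response.Redirect "default.asp?modulo=news&file=crea"
		end if

	else
		' Same message the form branch shows when there is no usable session uID.
		Response.Write "<table class='comment'>"
		Response.Write "<tr><td valign=""top"" align=""center"" width=""100%"" class=""testo"">"
		Response.Write traduci("ling_news_88")
		Response.Write "</td></tr></table>"
	end if

	End select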
%>